def test_third_party_auth_enrollment_embargo(self): course = CourseFactory.create() # Start the pipeline attempting to enroll in a restricted course with restrict_course(course.id) as redirect_url: response = self.client.get(reverse("account_login"), {"course_id": unicode(course.id)}) # Expect that the course ID has been removed from the # login URLs (so the user won't be enrolled) and # the ?next param sends users to the blocked message. expected_providers = [ { "name": "Facebook", "iconClass": "fa-facebook", "loginUrl": self._third_party_login_url( "facebook", "login", course_id=unicode(course.id), redirect_url=redirect_url ), "registerUrl": self._third_party_login_url( "facebook", "register", course_id=unicode(course.id), redirect_url=redirect_url ), }, { "name": "Google", "iconClass": "fa-google-plus", "loginUrl": self._third_party_login_url( "google-oauth2", "login", course_id=unicode(course.id), redirect_url=redirect_url ), "registerUrl": self._third_party_login_url( "google-oauth2", "register", course_id=unicode(course.id), redirect_url=redirect_url ), }, ] self._assert_third_party_auth_data(response, None, expected_providers)
def test_blocked(self, disable_access_check): with restrict_course(self.course.id, access_point='courseware', disable_access_check=disable_access_check) as redirect_url: # pylint: disable=line-too-long response = self.client.get(self.courseware_url) if disable_access_check: self.assertEqual(response.status_code, 200) else: self.assertRedirects(response, redirect_url)
def test_always_allow_course_detail_access(self): """ Access to the Course Structure API's course detail endpoint should always be granted. """ # Make the user staff so that it has permissions to access the views. self.user.is_staff = True self.user.save() # pylint: disable=no-member # Blacklist an IP address ip_address = "192.168.10.20" IPFilter.objects.create( blacklist=ip_address, enabled=True ) url = reverse('course_structure_api:v0:detail', kwargs={'course_id': unicode(self.course.id)}) response = self.client.get( url, HTTP_X_FORWARDED_FOR=ip_address, REMOTE_ADDR=ip_address ) self.assertEqual(response.status_code, 200) # Test with a fully-restricted course with restrict_course(self.course.id): response = self.client.get( url, HTTP_X_FORWARDED_FOR=ip_address, REMOTE_ADDR=ip_address ) self.assertEqual(response.status_code, 200)
def test_embargo_restriction(self): """ The view should return HTTP 403 status if the course is embargoed. """ with restrict_course(self.course.id) as redirect_url: response = self._post_to_view() self.assertEqual(403, response.status_code) body = json.loads(response.content) self.assertEqual(get_absolute_url(redirect_url), body["user_message_url"])
def test_embargo_restriction(self): """ The view should return HTTP 403 status if the course is embargoed. """ with restrict_course(self.course.id) as redirect_url: response = self._post_to_view() self.assertEqual(403, response.status_code) body = json.loads(response.content) self.assertEqual(get_absolute_url(redirect_url), body['user_message_url'])
def test_blocked_by_embargo(self): strategy = self._fake_strategy() strategy.session_set('enroll_course_id', unicode(self.course.id)) with restrict_course(self.course.id): result = pipeline.change_enrollment(strategy, 1, user=self.user) # pylint: disable=assignment-from-no-return,redundant-keyword-arg # Verify that we were NOT enrolled self.assertEqual(result, {}) self.assertFalse(CourseEnrollment.is_enrolled(self.user, self.course.id))
def test_embargo_restrict(self): # When accessing the course from an embargoed country, # we should be blocked. with restrict_course(self.course.id) as redirect_url: response = self._change_enrollment('enroll') self.assertEqual(response.status_code, 200) self.assertEqual(response.content, redirect_url) # Verify that we weren't enrolled is_enrolled = CourseEnrollment.is_enrolled(self.user, self.course.id) self.assertFalse(is_enrolled)
def test_whitelist_ip_skips_country_access_checks(self): # Whitelist an IP address IPFilter.objects.create(whitelist="192.168.10.20", enabled=True) # Set up country access rules so the user would # be restricted from the course. with restrict_course(self.course.id): # Make a request from the whitelisted IP address response = self.client.get(self.courseware_url, HTTP_X_FORWARDED_FOR="192.168.10.20", REMOTE_ADDR="192.168.10.20") # Expect that we were still able to access the page, # even though we would have been blocked by country # access rules. self.assertEqual(response.status_code, 200)
def test_whitelist_ip_skips_country_access_checks(self): # Whitelist an IP address IPFilter.objects.create(whitelist="192.168.10.20", enabled=True) # Set up country access rules so the user would # be restricted from the course. with restrict_course(self.course.id): # Make a request from the whitelisted IP address response = self.client.get( self.courseware_url, HTTP_X_FORWARDED_FOR="192.168.10.20", REMOTE_ADDR="192.168.10.20" ) # Expect that we were still able to access the page, # even though we would have been blocked by country # access rules. self.assertEqual(response.status_code, 200)
def test_third_party_auth_enrollment_embargo(self): course = CourseFactory.create() # Start the pipeline attempting to enroll in a restricted course with restrict_course(course.id) as redirect_url: response = self.client.get(reverse("account_login"), {"course_id": unicode(course.id)}) # Expect that the course ID has been removed from the # login URLs (so the user won't be enrolled) and # the ?next param sends users to the blocked message. expected_providers = [{ "name": "Facebook", "iconClass": "fa-facebook", "loginUrl": self._third_party_login_url("facebook", "login", course_id=unicode(course.id), redirect_url=redirect_url), "registerUrl": self._third_party_login_url("facebook", "register", course_id=unicode(course.id), redirect_url=redirect_url) }, { "name": "Google", "iconClass": "fa-google-plus", "loginUrl": self._third_party_login_url("google-oauth2", "login", course_id=unicode(course.id), redirect_url=redirect_url), "registerUrl": self._third_party_login_url("google-oauth2", "register", course_id=unicode(course.id), redirect_url=redirect_url) }] self._assert_third_party_auth_data(response, None, expected_providers)
def test_embargo_change_enrollment_restrict(self): url = reverse('courseenrollments') data = json.dumps({ 'course_details': { 'course_id': unicode(self.course.id) }, 'user': self.user.username }) # Attempt to enroll from a country embargoed for this course with restrict_course(self.course.id) as redirect_url: response = self.client.post(url, data, content_type='application/json') # Expect an error response self.assertEqual(response.status_code, 403) # Expect that the redirect URL is included in the response resp_data = json.loads(response.content) self.assertEqual(resp_data['user_message_url'], redirect_url) # Verify that we were not enrolled self.assertEqual(self._get_enrollments(), [])
def test_non_courseware_url(self): with restrict_course(self.course.id): response = self.client.get(self.non_courseware_url) self.assertEqual(response.status_code, 200)
def test_embargo_change_enrollment_restrict_geoip(self): """ Validates that enrollment changes are blocked if the request originates from an embargoed country. """ # Use the helper to setup the embargo and simulate a request from a blocked IP address. with restrict_course(self.course.id) as redirect_path: self.assert_access_denied(redirect_path)
def test_blocked(self): with restrict_course(self.course.id, access_point='courseware') as redirect_url: response = self.client.get(self.courseware_url) self.assertRedirects(response, redirect_url)
def test_embargo_restrict(self): with restrict_course(self.course.id) as redirect_url: response = self.client.get(self.url) self.assertRedirects(response, redirect_url)